These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330.
The following software versions are affected and should be updated as soon as possible:
- Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows
- Adobe Flash Player 11.2.202.310 and earlier versions for Linux
- Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh
Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities:
- Cross-site scripting (XSS) vulnerability (CVE-2013-5326)
- Allow unauthorized remote read access (CVE-2013-5328)
Both products have been patched multiple times this year. In January four critical vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632) were exploited by hackers to access and steal sensitive data stored on the servers.
In May, Hackers used these flaws to breach Washington state's Administrative Office of the Courts. In that hack hackers accessed as many as 160,000 Social Security numbers and up to one million drivers license number.
HotFix (APSB13-26) for Adobe Flash Player and (APSB13-27) for Adobe ColdFusion are available for Download. Install the appropriate Adobe patches immediately, or let the Adobe's updater do it for you.
In May, Hackers used these flaws to breach Washington state's Administrative Office of the Courts. In that hack hackers accessed as many as 160,000 Social Security numbers and up to one million drivers license number.
HotFix (APSB13-26) for Adobe Flash Player and (APSB13-27) for Adobe ColdFusion are available for Download. Install the appropriate Adobe patches immediately, or let the Adobe's updater do it for you.
